Solutions for mitigating cybersecurity risks caused by legacy software in medical devices
A scoping review
Tom Tervoort (Universiteit van Amsterdam)
Marcela Tuler De Oliveira (Universiteit van Amsterdam)
Wolter Pieters (TU Delft - Organisation & Governance)
PHAJM van Gelder (TU Delft - Safety and Security Science)
Silvia Delgado Olabarriaga (Universiteit van Amsterdam)
Henk A. Marquering (Universiteit van Amsterdam)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Cyberattacks against healthcare institutions threaten patient care. The risk of being targeted by a damaging attack is increased when medical devices are used which rely on unmaintained legacy software that cannot be replaced and may have publicly known vulnerabilities. This review aims to provide insight into solutions presented in the literature that mitigate risks caused by legacy software on medical devices. We performed a scoping review by categorising and analysing the contributions of a selection of articles, taken from a literature set discovered through bidirectional citation searching. We found 18 solutions, each fitting at least one of the categories of intrusion detection and prevention, communication tunnelling or hardware protections. Approaches taken include proxying Bluetooth communication through smartphones, behaviour-specification based anomaly detection and authenticating signals based on physical characteristics. These solutions are applicable to various use-cases, ranging from securing pacemakers to medical sensor networks. Most of the solutions are based on intrusion detection and on tunnelling insecure wireless communications. These technologies have distinct application areas, and the decision which one is most appropriate will depend on the type of medical device.
help_outline